[dnsdist] Performance/tuning sanity check
Dan McCombs
dsmccombs at gmail.com
Thu Dec 22 17:18:48 UTC 2022
Hi Everyone,
I've been doing some performance testing and tuning of dnsdist and was
hoping to get a sanity check that these numbers seem reasonable for the
given hardware, or if there's any performance tuning I'm overlooking.
I'm testing against a single 32-core machine (4 x Intel® Xeon® Silver
4110 @2.10GHz) with 96GB of RAM running dnsdist 1.5. I'm running NS1's
Flamethrower test from 700 clients querying a single FQDN via UDP with a
300 second TTL for 10 minutes to be almost entirely answering from dnsdist
cache. This is querying against 2 addresses that the same dnsdist instance
is listening on.
For dnsdist performance tuning, the following things are in place:
* A single dnsdist instance
* One listener on 127.0.0.1:53
* 7 listeners each using addLocal and reusePort=true on each of the 2
external addresses
* A packet cache with numberOfShards set to 20
* setMaxUDPOutstanding set to 65535
* setRingBuffersSize set to 100000, 20
* setRingBuffersLockRetries set to 5
* setUDPMultipleMessagesVectorSize set to 1024
On the OS level, I can't think of any tuning in place besides netfilter
connection tracking being disabled.
With this configuration past 210,000 QPS I start seeing missed responses to
queries. If I add some dnsdist rules that drop some queries, I can send
more queries and get expected responses for others that are not picked up
by the rules. The threshold seems to be around 420,000 QPS combined queries
and responses, where past that things start to have issues, whether those
are 210k answered queries or 350k queries with only 70k expected to be
answered.
Do those numbers seem reasonable for this hardware? I've gone through the
performance tuning documentation, but is there anything else I'm missing?
Is the number of listeners appropriate for this number of CPU cores with 2
listening addresses?
Thanks for any experience and information,
-Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20221222/41be6c7a/attachment.htm>
More information about the dnsdist
mailing list